Data Protection Statement

The protection of your personal data is important to us. We therefore process your data exclusively on the basis of the applicable legal provisions. In this data privacy statement, we inform you about the most important aspects of data processing and our measures for complying with the GDPR.

1. Who is responsible for processing and whom can you contact?

The data controller is:
Industrie Informatik GmbH
Wolfgang-Pauli-Str. 2, 4020 Linz, Austria
Phone: +43 732 6978 – 0
Email: info@industrieinformatik.com

The central contact details of the data protection officer are as follows:
Industrie Informatik GmbH
Michaela Horner
Wolfgang-Pauli-Str. 2, 4020 Linz, Austria
datenschutz@industrieinformatik.com

2. What are the purposes for which the personal data are to be processed, and what is the legal basis for the processing?

We process your personal data for the following purposes based on the aforementioned legal grounds:

• Contractual performance (Art. 6 para. 1 lit. b GDPR): Fulfillment of contractual obligations to our customers and business partners, as well as the implementation of pre-contractual measures.
• Legitimate interests of Industrie Informatik (Art. 6 para. 1 lit. f GDPR): Processing and responding to your inquiries to initiate a business relationship. Our legitimate interest lies in efficient communication with potential new customers.
• IT operations and IT security (Art. 6 para. 1 lit. f GDPR): Ensuring the security, confidentiality, and availability of our IT systems and data.
• Direct marketing (Art. 6 para. 1 lit. f GDPR): Sending product information and newsletters to existing customers and prospective customers, unless an objection has been raised pursuant to Art. 21 GDPR. Our legitimate interest is to provide information about our services to promote the conclusion of contracts.
• Legal obligations (Art. 6 para. 1 lit. c GDPR): Fulfillment of legal requirements, in particular accounting, tax, and documentation obligations (e.g., according to the Austrian Federal Fiscal Code (BAO) and the Austrian Commercial Code (UGB)).
• Data subject requests (Art. 6 para. 1 lit. c GDPR): Processing of requests to exercise your data subject rights (access, erasure, etc.) in accordance with the GDPR.
• Consent (Art. 6 para. 1 lit. a GDPR): Processing for specific purposes for which you have given us your explicit consent. This consent can be revoked at any time with effect for the future.

3. Which categories of personal data are processed?

We process the personal data that we receive from customers, business partners, employees, service providers, or prospective customers within the scope of the business relationship or in connection with a data subject request. We also process personal data that we have lawfully collected or received from publicly accessible sources (e.g., websites, address publishers, media). The categories of personal data processed essentially include contact details (e.g. name, address, telephone number, email address) and data from the fulfillment of the contract (e.g. invoice data).

4. Who receives your data (recipients)?

4.1. Within Industrie Informatik, those employees who need the data to fulfill Industrie Informatik’s contractual and legal obligations, as well as for the other purposes described in section 2, receive it.

4.2. In addition, your data is received by those recipients who need it to fulfill their respective services in connection with Industrie Informatik’s contractual obligations to you (e.g., IT service providers, providers, hosting partners, or technology partners), or where another legal basis exists (e.g., tax advisors, auditors, lawyers, banks and payment service providers, as well as authorities and public bodies).

4.3. For the provision of our services (in particular, support and maintenance services): Within the EEA: Data processing is carried out on the basis of data processing agreements (DPAs) pursuant to Article 28 GDPR. Outside the EEA (third countries): If data is transferred to countries without an adequate level of data protection (e.g., China) or if access is gained from such countries, we ensure the level of protection by concluding EU Standard Contractual Clauses (SCCs). This obligates the recipients to comply with European data protection standards.

4.4. Data transfer to the USA: We transfer data to partners in the USA (e.g., Google) who are certified under the EU-U.S. Data Privacy Framework. The European Commission issued an adequacy decision on July 10, 2023, confirming that certified companies in the USA provide an adequate level of data protection (Art. 45 GDPR). If partners are not certified or if the transfer is carried out via consent-based cookies, processing is based on your explicit consent pursuant to Art. 49 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future via our cookie settings.

5. How long will your personal data be stored?

Industrie Informatik stores personal data to the extent necessary for the purposes of its processing, in particular for the duration of the entire business relationship, and beyond that in accordance with statutory retention and documentation obligations, e.g., under the Austrian Commercial Code (UGB) and the Austrian Federal Fiscal Code (BAO). Statutory limitation periods must also be taken into account when determining the storage period.

6. What data protection rights do data subjects have?

A data subject has the right to information, rectification, erasure, restriction of processing, and data portability of their stored data at any time, as well as the right to object to processing in accordance with the requirements of data protection law. Complaints can be addressed to the Austrian Data Protection Authority.

6.1. Objection to the processing of your personal data for direct marketing purposes: You have the right to object at any time to the processing of your personal data for direct marketing purposes (e.g., newsletters). As a result of your objection, your personal data will no longer be processed for these purposes.

6.2. Withdrawal of Consent: You have the right to withdraw your consent to the processing of your personal data for one or more specific purposes at any time. This also applies to consents given before May 25, 2018. Such objections or withdrawals should be sent to: datenschutz@industrieinformatik.com

7. Are you obligated to provide data?

As part of our business relationship, we require the personal data from you that is necessary for establishing and maintaining the business relationship and which we are legally obligated to collect. If you do not provide us with this data, we will generally have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and will consequently have to terminate it. However, you are not obligated to consent to data processing with regard to data that is not relevant for the performance of the contract or not legally required.

8. Is there automated decision-making, including profiling?

Industrie Informatik does not use automated decision-making pursuant to Article 22 GDPR to make decisions regarding the establishment and maintenance of the business relationship.